Author Archives: Kelly Brown

About Kelly Brown

An IT practitioner by education and trade and an educator by good fortune.

Automotive Tracking Technology: Intrusive or Practical

Students are heading back to school. New college students on their own for the first time face a lot of challenges and nervous parents back home face fears of the unknown. If parents are sending their student off with a car, there are technologies that help limit the speed and other functions or even track the whereabouts of the car in real time. While these technologies are not new, they can allay some of the fears of the parents of young drivers. Let’s take a look at some.

Limiting Functionality

The folks at Ford have developed what they call MyKey. One key fob becomes the administrator key and the other inherits limited functionality. The administrator key can limit the speed of the car, cap the volume of the radio and keep it muted until the seatbelt is secure, ensure that all safety features are automatically turned on, set nagging seat belt chimes, and deliver an earlier low fuel warning. The non-administrator key receives these settings. That said, I can see an enterprising young student in Engineering 101 or Computer Science 101 figuring out a way to reverse the settings in order to enjoy unfettered driving. This system also could keep a spouse with a lead foot out of trouble, but in that case, their partner holds the administrator key.

Tracking

A lot of modern vehicles have satellite navigation and many are also equipped with a GPS tracker for locating the car. This is important when a car is stolen but can also give peace of mind to a worried parent. General Motors has developed Family Link to be used in conjunction with their OnStar system. A family member can access Family Link online through their account and see the current location of the vehicle. They can also set up alerts to show when the car has arrived at its destination or where the car is at a specific time, curfew for example. I assume and hope that the folks at GM have built in a very strong security layer to prevent stalkers from accessing that same information. The technology is similar to that used by outdoor enthusiasts to broadcast their location in case they get into trouble and cannot communicate.

Some may see this technology as intrusive, but tracking a new driver or a family member driving in inclement weather might lessen the anxiety.

Thoughts

These technologies exist today, either as standard equipment or after-market. They can be plugged into the on-board computer and give early warning about failing mechanical or electrical systems or limit functionality. All of these technologies are designed to provide information or to ensure the safety of drivers, particularly first-time drivers. Do you think these devices limit freedoms or promote more freedom for young drivers? I guess it partly depends on whether you are the one holding the administrator key or the other key.

Author: Kelly Brown

About Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

The Risk and Security of Connected Healthcare Devices

A recent Forrester Research report highlighted the security risks of connected healthcare devices and some of the implications of lax policies of manufacturers and care providers. This brings to mind for me all kinds of doomsday scenarios so I want to highlight some of the best practices in the report. These apply to the healthcare industry and other businesses.

Internet of Things

Part of the allure of the internet of things (IoT) is that many devices can be connected, including medical devices. In a recent article, author Yash Mehta highlighted some connected and potentially connected devices. On the list are monitoring devices which allow patients to be at home instead of a hospital. He also mentions companies that are developing edible IoT “smart” pills that will help monitor health issues and medication. This is an area where I would want the tightest security.

Steps for Security Planning

Start from the inside when thinking about security. Is everyone in your organization following best practices? Are you requiring passwords be changed regularly? Is everyone following this requirement or have they developed a workaround? Are there any shared accounts with a shared password? One of the biggest security holes has to do with social engineering. A hacker will pretend to be someone trustworthy to secure passwords or entrance into secure systems, then launch a widespread attack. Make sure everyone in your organization is educated and prepared for such an attempt.

Verify that the new devices have security built in from the manufacturer. This applies to health care IoT and other connected devices. It is hard to build security with no foundation. Push manufacturers to install a minimum level of threat protection in every device.

It is necessary to separate device information from actual customer details. In the case of health care, that means storing data collected from the connected device in a data structure separate from the patient data. In a retail establishment this means storing credit card information away from personally identifiable information such as customer name and address. The two can be linked via a separate ID but it should be difficult for a hacker to connect the two sources of information.
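One way to build that separation, as an added example (not from the Forrester report or the original post): device readings are stored under a link ID derived with a keyed HMAC, and the key is held by a separate service. The class names, field names, key handling and sample records are all assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Fields that must never appear in the device-data store (constructed list).
PII_FIELDS = {"patient_id", "name", "address", "date_of_birth"}


class LinkService:
    """Derives the linking ID. The key lives only here, away from both stores."""

    def __init__(self, key=None):
        self._key = key if key is not None else secrets.token_bytes(32)

    def link_id(self, patient_id):
        # Keyed HMAC: without the key, a patient ID cannot be turned into a link ID.
        mac = hmac.new(self._key, patient_id.encode("utf-8"), hashlib.sha256)
        return mac.hexdigest()


class DeviceStore:
    """Holds device readings only, each filed under a link ID."""

    def __init__(self):
        self.rows = []

    def add(self, link_id, reading):
        # Refuse any reading that tries to carry patient details along with it.
        leaked = PII_FIELDS & set(reading)
        if leaked:
            raise ValueError("PII not allowed in device store: %s" % sorted(leaked))
        self.rows.append({"link_id": link_id, **reading})

    def for_link(self, link_id):
        return [r for r in self.rows if hmac.compare_digest(r["link_id"], link_id)]


def join_without_key(patient_ids, device_rows):
    """Try to match both data sets using a plain, unkeyed SHA-256 of each patient ID.

    This is the check a reviewer runs to confirm that holding both stores,
    but not the key, is not enough to connect readings to people.
    """
    guesses = {hashlib.sha256(p.encode("utf-8")).hexdigest(): p for p in patient_ids}
    return [(guesses[r["link_id"]], r) for r in device_rows if r["link_id"] in guesses]


def build_demo():
    """Constructed sample data: two patients, three readings."""
    patients = {
        "P-1001": {"name": "Sample Patient A", "address": "1 Example St"},
        "P-1002": {"name": "Sample Patient B", "address": "2 Example St"},
    }
    links = LinkService(key=b"k" * 32)  # fixed key only so the demo is repeatable
    devices = DeviceStore()
    devices.add(links.link_id("P-1001"), {"device": "glucose-monitor", "mg_dl": 104})
    devices.add(links.link_id("P-1002"), {"device": "pulse-oximeter", "spo2": 97})
    devices.add(links.link_id("P-1001"), {"device": "glucose-monitor", "mg_dl": 131})
    return patients, links, devices


if __name__ == "__main__":
    patients, links, devices = build_demo()
    print("readings for P-1001:", devices.for_link(links.link_id("P-1001")))
    print("matches without the key:", join_without_key(patients, devices.rows))
```

The same layout fits the retail case in the paragraph above: card data in one store, name and address in the other, and the key in neither.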

Thoughts

It is exciting to think of all of the possibilities with IoT devices but it is sobering to contemplate the security risks. All of us must consider and mitigate the risks, either as consumers or as part of an IT team building the tightest security possible. IoT devices are coming. Are you ready?

Avoiding Disasters: The Value of Continuity Planning

The recent technical problems with the Delta Airlines network got me thinking about the value of business continuity planning. We teach an AIM short course dedicated to business continuity and disaster recovery planning and stress the importance of thinking through all potential scenarios. Consider this a friendly reminder to update and test your plan to make sure it is still valid. Has anything changed since your last test and could it halt your business? What is the worst-case scenario and how will you deal with it?

Delta

Delta is just the latest example of a sophisticated network of hardware and applications that failed and caused disruption to a business. In the case of Delta, a power control module failed in their technology command center in Atlanta. The uninterruptible power supply (UPS) kicked in but not before some applications went offline. The real trouble began when the applications came back up but not in the right sequence. Consider application A that requires data from a database to process information to send to application B. If application B comes up before application A, it will be looking for input that does not exist and will go into fault mode. In the same vein, if application A comes up before the database is online, it will be looking for data that does not yet exist and will fault.

Any of these scenarios will affect business operations such as ticketing, reservation and flight scheduling processes. Once flights are canceled due to lack of valid information, then the crew in San Francisco cannot get to Atlanta to start work and even more flights are canceled or delayed. In this case, it took four days before flights were fully restored. That is a lot of lost revenue and goodwill just because one power control module failed in a data center.

Disaster Recovery Planning

Information systems and networks are complex and getting more so all the time. In order to develop a plan to cover a potential interruption consider the following steps:

  • Map out your environment. Understand what systems you have, their operating systems, how they are dependent on each other, and how they are connected to each other via the network. Is it critical that all these elements come up in sequence? This map will be crucial in the event you need to rebuild your systems after a disaster.
  • Understand risks and create a plan. Understand your risk for each system and application. A small application that only runs once a month may not need attention whereas a customer order fulfillment application that runs 24/7 should be able to failover without interruption. Create a plan to keep the environment running or to restore it quickly.
  • Test the plan. This may be the most important part of the process. Testing the plan on a regular basis ensures that you have accounted for any changes to the environment and ensures that all people are up to date on their part in the event of a problem. Periodic testing also keeps the plan active and not something that becomes “shelfware.”
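The sequencing problem from the Delta section and the dependency map from the first step, worked as an added example (not part of the original post). The service names follow the post's database, application A and application B; the dependency map format, function names and the observed boot order are constructed for illustration.

```python
from graphlib import CycleError, TopologicalSorter

# Dependency map: each service lists what must be running before it starts.
# Mirrors the post's example: A reads from the database, B consumes A's output.
DEPENDENCIES = {
    "database": [],
    "application_a": ["database"],
    "application_b": ["application_a"],
}


def startup_stages(deps):
    """Return the restart plan as stages; services in one stage may start together."""
    sorter = TopologicalSorter(deps)
    sorter.prepare()  # raises CycleError if the map contains a dependency loop
    stages = []
    while sorter.is_active():
        ready = sorted(sorter.get_ready())
        stages.append(ready)
        sorter.done(*ready)
    return stages


def order_violations(observed, deps):
    """Compare an observed boot order with the map.

    Returns (service, dependency) pairs where the service came up before,
    or entirely without, something it depends on.
    """
    position = {name: index for index, name in enumerate(observed)}
    problems = []
    for service in observed:
        for dependency in deps.get(service, ()):
            if dependency not in position or position[dependency] > position[service]:
                problems.append((service, dependency))
    return problems


def find_cycle(deps):
    """Return one dependency loop as a list of names, or None if the map is sound."""
    try:
        TopologicalSorter(deps).prepare()
    except CycleError as error:
        return list(error.args[1])
    return None


if __name__ == "__main__":
    print("planned stages:", startup_stages(DEPENDENCIES))

    # Constructed boot order for a plan test: everything came back reversed.
    observed = ["application_b", "application_a", "database"]
    for service, dependency in order_violations(observed, DEPENDENCIES):
        print(f"{service} started before {dependency}")

    # A map with a loop cannot be restarted in any order; catch it in review.
    looped = {"application_a": ["application_b"], "application_b": ["application_a"]}
    print("loop found:", find_cycle(looped))
```

Running the violation check against the boot log from each recovery test shows whether the documented order still matches how the systems actually come up.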

Thoughts

Businesses increasingly rely on sophisticated technology in order to sell product, service customers and communicate with partners. Any break in that technology can have a real impact on revenue and the long-term viability of the business. Have you tested your business continuity plan lately?

Technology in Military and Law Enforcement

Police officers and military personnel face potential danger every day. This week we’ll look at technology that supports them and makes their jobs easier and safer.

Bomb Detecting Drones

According to a recent article, there are an estimated 100 million live land mines in the world. Many of these are from conflicts long past, but some are placed to sway the outcome of a current battle. Unfortunately there are no maps to show exactly where these land mines are planted. The Mine Kafon Drone can detect and destroy land mines and is currently looking for Kickstarter funding. It works by mapping an area and then using a metal detector to locate the mines within that area. When one is found, it is tagged with a GPS detector to mark its location. The drone then returns to the operator to be fitted with a robotic arm so that it can place small detonators on the mine. The mines are then detonated remotely with both the drone and the operator out of harm’s way. This is a great example of technology being applied to a serious and life threatening problem throughout the world.

Robots in Police Work

Police and rescue personnel use robots to find and retrieve missing people. These robots or drones can search for people in dangerous places; once a person is detected, the rescuers can plan a safe way to extract them. This is important in situations where someone is in a collapsed building or in an area where there are toxic chemicals.

Similar robots are now being used to neutralize a threat such as an active shooter. These robots are fitted with cameras and sensors, even guns or explosives when the mission is to eliminate the threat. These are used only as a last resort when negotiations break down or are not possible. As I think about the future of such devices, I wonder if we could apply this technology to war strategy. Can we ever get to a point where we choose an isolated location and each side sends out their best drones and robots to try to destroy the other side? The operators and other humans could be safe, far away from the conflict. Would it mean as much to blow up each other’s devices as to actually harm people? It would certainly be safer for us.

Thoughts

I am grateful for those who are developing technology to improve the safety of the men and women who protect us. I will be watching the development of the Mine Kafon Drone and other devices that detect and remove threats. Let me know of any similar technologies that you are aware of. I think this is a young but growing field.

Rule 41 and Digital Privacy Rights

Proposed changes to Rule 41 of the Federal Rules of Criminal Procedure would allow a judge to authorize a search and seizure outside of their jurisdiction. For example, a Massachusetts judge could authorize a search in Alaska or even in a foreign country. This would mainly apply to government electronic hacking efforts into computers and computer networks. The changes have been approved by the Supreme Court and will go into effect on December 1 unless challenged by Congress.

I believe this is a slippery slope that threatens the Fourth Amendment protections against unreasonable searches and seizures. What are the implications of this possible erosion of privacy on our own computers and networks?

The Fourth Amendment

The Fourth Amendment was added as part of the Bill of Rights in 1791 and deals with the search of homes and private property without a properly executed search warrant. It stems from the almost unlimited powers granted to British tax collectors to search homes and property for contraband that wasn’t being returned to King George in the form of taxes. Those who drafted the Fourth Amendment could not foresee 21st century technologies and interconnected systems. At issue now is whether a warrant can be issued remotely and whether one warrant can be issued for hundreds or even thousands of systems through surveillance and hacking.

No Expectation of Privacy

Senior U.S. District Judge Henry Coke Morgan Jr. recently ruled, “people should have no expectation of privacy on their home PCs because no connected computer ‘is immune from invasion.’” This is a ruling associated with a case of government takeover and surveillance of a site on the dark web for the purpose of collecting networking information of visitors. One warrant was issued for many searches, including those outside of the United States. The judge in this case argued that even that one warrant was not necessary because the defendants were engaged in illegal activity and took measures to hide those activities behind the anonymity of the dark web.

Digital Rights

Advocates such as the Electronic Frontier Foundation are challenging this ruling and filed an amicus brief in this case, but to no avail. My main question is how much privacy should we expect on our personal systems and in our transactions on the web? This case maintains that because there are so many hacking attempts we should have no expectation of privacy, even from our government. This seems like a spurious argument at best. I have written before about the notion of geographical boundaries and how those boundaries are disappearing as we engage in more electronic transactions. This case and the proposed changes to Rule 41 only accelerate the dissolution of boundaries.

Thoughts

My aim is to make you aware of the activities and rulings that could affect your right to privacy, particularly digital privacy. Is there cause for concern? Let me know your thoughts.

Life Lessons from the Road

Earlier this month I rode in the Seattle to Portland Bicycle Classic. That is 205 miles in the saddle over two days, although some choose to complete it in one day. I have done this ride before so I knew what to expect. Two days on the bike gives me a lot of time for reflection and I would like to share, particularly with AIM students, some of those thoughts. I call them lessons from the road, which apply to my time in the saddle and throughout my life in general. Hopefully they resonate with you as well.

Don’t Quit Until You’re Done

For those of us who choose to do the ride over two days, there are various towns where you can camp overnight. The official center point is the 102-mile mark and riders can camp there at a small college. Others, like me, opt to put in a few more miles on the first day and stay at the 120-mile mark, which makes for a much easier second day.

That night I ate with fellow riders and I repeatedly heard, “Oh, that last 20 miles almost did me in.” They set out that morning knowing full well they were going to ride the longer distance so it should not have been a surprise. After talking to many of them, it dawned on me that they mentally finished at the halfway point when everyone was cheering and congratulating them for a job well done. For the last 20 miles they were riding in body only, having already finished for the day in mind and spirit.

How many times in our lives do we do the same thing? We set an attainable goal for ourselves and then we quit mentally before we are finished. We try to coast for the last 20 miles or the last class or the last effort that needs all of our concentration. I am going to always try to finish strong and I challenge you to do the same.

Watch Out for Those Around You

In this ride they cap registration at 10,000 so there are always fellow riders around you. It is not as bad as a Tour de France peloton but sometimes the distance between wheels can be measured in inches. It can take a lot of concentration to watch out for others, but the reward is a safe ride. I came upon more than one accident involving multiple riders so I know the risk.

As in cycling, it makes sense to watch out for others as we pass through life. Not necessarily out of a sense of danger but in the spirit of lending a hand. Do you ever notice a fellow student struggling and reach out to try and help? Do you try to help young people, or perhaps the elderly, during your day? Sometimes others struggle with tasks that seem routine to us so it never hurts to lend a hand.

Enjoy the Scenery

One of the most important lessons I learned during those hours in the saddle is to enjoy the scenery. I am not the fastest rider and I often hear the phrase “passing on your left.” While I will most likely never finish first in any of these rides, I definitely take the time to enjoy the scenery. Each mile brings a different view and, while pavement is not very interesting to look at, nature, people and architecture definitely are. Whether high up on a bridge or deep in a forest, there is always something interesting to see.

Life can be hard and finishing a degree program can be hard, but I think it is important to look up every once in a while and take in the scenery. It helps to put everything else in perspective.

Thoughts

These are my thoughts from the road. Finish strong, help others, and enjoy the scenery along the way. Do you have any life lessons that you have picked up on your journey? I would love to hear your thoughts.

Pokemon Go and the Future of Augmented Reality

Augmented reality took a big leap forward this month with the release of Pokemon Go from Niantic Labs and partner Nintendo. This game has become very popular and has drawn praise and criticism from different groups. Many are excited about getting players young and old out of the house, but some are concerned about the potential security problems when the lines are blurred between the virtual and real worlds. Personally, I am fascinated by the social implications of this technology and its potential benefits in gaming and extended professional scenarios.

Pokemon Go

Pokemon Go requires players to chase Pokemon cartoon characters in the real world using a smart phone. It uses the smartphone camera and clock to overlay one of 151 characters in real places such as the city, the beach, the forest or in buildings. The player must collect these characters wherever they may be. Water characters can only be collected near waterways and night fairies can only be collected at night. The game has become so popular that Darwin police in Northern Australia have alerted players that they do not need to come into the police station to catch a particular character:

For those budding Pokemon Trainers out there using Pokemon Go — whilst the Darwin Police Station may feature as a Pokestop, please be advised that you don’t actually have to step inside in order to gain the pokeballs. It’s also a good idea to look up, away from your phone and both ways before crossing the street. That Sandshrew isn’t going anywhere fast. Stay safe and catch ’em all!

This is not the first augmented reality game, but so far it’s the most popular. Niantic released a similar game called Ingress in 2015. Pokemon Go uses the same database of features and is basically Ingress using Nintendo characters.

Recent History

Niantic Labs was a Google creation but spun off last fall during the Alphabet restructuring. The original intent by Google was to build things on top of the incredible mapping technology that they already have. Think about Google Maps, Google Earth, and Google Street View. They have a comprehensive database of geo coordinates, so it makes sense to augment (no pun intended) that work with a game. This is a great example of an innovation extension.

My Interest

I have seen similar application research recently in the field of education. The premise is that if young people could be enticed to go to a park or a museum or into the forest, they could learn about the features of that location and earn tokens at the same time. Basically, this is the gamification of nature or history. I have written about this topic before, but I am all in favor of enticing people to go outdoors, whether to search for cartoon characters or for solitude away from the stress and distractions of everyday life.

Thoughts

Games like Pokemon Go could be the first of many popular augmented reality games. While there are still some bugs to be worked out, the technology is promising. Have you played Pokemon Go? Do you think this is a passing fad or the beginning of a new reality? Let me know your thoughts.

Customer Data: The New Capital

Sports Authority, a retail chain of sporting goods stores, recently filed for bankruptcy and sold off all of their assets. One of the highest bids was for their name, e-commerce site and customer data, bought by rival Dick’s Sporting Goods for $15 million. In contrast, a package of several store leases went for only $8 million and naming rights to Sports Authority Field, also known as Mile High Stadium, home of the Denver Broncos, is still on the auction block. It appears that customer information is the new desired capital, but what does that say about our privacy and the use of our personal information? Is it truly for sale to the highest bidder? Did we actually agree to that?

Privacy Policies

The Sports Authority privacy policy states, “We may transfer your personal information in the event of a corporate sale, merger, acquisition, dissolution or similar event.” Information collected and stored at the Sports Authority website includes full name, street address, e-mail address, telephone number, credit card number, and credit card expiration date. This is not unique to Sports Authority; other online retailers collect the same information and include a similar caveat in their privacy policies. It is up to the consumer to read and understand that clause and decide whether it is worth the risk.

Relationships

When signing up for rewards programs I agree to hand over my personal information, regardless of whether I read the privacy policy or not, but I expect our relationship to end if the company is dissolved. In the case of Sports Authority, my intended relationship was with them and not with Dick’s Sporting Goods or someone else. Is there a step in the process that lets me break off the deal should I not want to be solicited by the highest bidder?

Thoughts

With value on customer data comes responsibility to customers who have disclosed their information and expect at least a minimum of privacy and discretion. Privacy advocates are watching these developments closely. They are concerned that the new owners will not adhere to the original privacy agreement and will use the customer information in ways not originally agreed upon.

Let me know your thoughts on buying and selling customer information. It is not a new idea. I have received solicitations from car dealers for years based on information available from the division of motor vehicles. What is new is how easy it is to collect, buy, and sell this information and the amount of associated customer information collected, which can be put up for sale to the highest bidder.

Brexit and the Technology Industry

The recent decision by Britain to exit the European Union (Brexit) has people asking a lot of questions. Some analysts are pondering British technology regulations and the state of the technology industry post European Union. There are surprising implications that perhaps have not been considered but probably would not have made a difference in the vote.

Silicon Roundabout

An area in East London has been dubbed Silicon Roundabout for the concentration of high-tech firms, particularly start-ups. In a 2013 Guardian article, director of Twilio Europe James Parton cites reasons for locating a hub in London, “…London was a natural choice for our first office outside of the U.S. Language, accessibility to rest of Europe, a vibrant start-up ecosystem, the financial market, talent and flexible business conditions were all contributing factors.” Other areas of Britain have attracted high-tech heavyweights and start-ups alike.

With Brexit, some of those desirable qualities could disappear. Accessibility to the single EU market is in jeopardy, which could result in less than favorable trade arrangements and higher tariffs for companies operating in an independent Britain. A recent BBC article suggests that Berlin, for example, will actively court those tech start-ups and venture capitalists that have been pouring money into Britain. In making her pitch, Cordelia Yzer, Berlin Senator for Commerce and Technology, said, “They are welcome, their talent is more than welcome. It’s a great place to live and we also speak English. Berlin is a place where their dreams can come true.”

High Finance

Another potential issue for tech firms in Britain is access to capital. Start-ups in particular, but all tech firms in general, are capital-intensive operations, with that capital going mainly to talent and equipment. A recent Reuters article reports that Standard & Poor’s and Fitch Ratings recently dropped their credit rating for the country. This could make it harder or more expensive for companies to borrow capital for expansion or for a start-up. These companies could consider other EU centers such as Berlin or Paris, where funds are less expensive.

Data Privacy

The EU and the U.S. are working on the latest changes to their data privacy agreement. The EU has some of the toughest privacy laws in the world with Germany and France leading the charge in areas such as “the right to be forgotten,” which requires companies such as Google to erase all internet history of an individual upon their request. Britain has pushed for less stringent regulations but it remains to be seen whether they will still abide by the EU-U.S. data privacy agreement. That brings up the question of whether data flowing through Britain will still adhere to those standards, or will it be less secure?

Thoughts

The exit is still being planned, though EU countries are pushing to get it done sooner rather than later. With the separation come questions for high-tech companies and consumers. These will be sorted out over time and I will be watching the developments with interest. Can you think of any tech benefits or drawbacks to a post-EU Britain? Let me know your thoughts.

Careers in Technology: Threat Intelligence

I recently came across an interesting New York Times article highlighting the field of threat intelligence. Gartner expects the market for this security service to reach $1 billion next year, up from $255 million in 2013. Surely there must be job opportunities for the person with the right preparation, education, and credentials. I did more research into this technology career and came up with some interesting prospects.

Making Lemonade out of Lemons

In the article, the author cited a case of a family welding shop in Wisconsin that ran a small server for tracking orders, billings and suppliers. Their server was hacked, and they were totally unaware until a Silicon Valley security firm contacted them. The firm noticed that it had become a proxy to get to other vulnerable servers, some from very large companies. The security firm left the server in place but now closely monitors the traffic going in and out of it and can preemptively warn clients when they have been breached or are about to be compromised. Threat intelligence is really about being proactive, as opposed to reactive, and monitoring security issues or paying others to monitor them for you.

Education

For education in this field, it is best to pursue the Certified Information Systems Security Professional designation. This training is available through self study, on-site or online training which prepares you for the mandatory tests. There is even a “CISSP For Dummies” book but I am not sure I would trust my network to someone who chose that route to learn the business.

In addition to the CISSP, there are specialized courses in threat intelligence to augment the CISSP training and certification. These courses take you beyond basic intrusion detection and teach you how to battle persistent threats and how to programmatically counter these threats.

Jobs

There are jobs available in private industry for security firms that do threat intelligence and sell that information to clients. Many major corporations want to build in-house expertise in this area in order to fend off hackers and protect proprietary information. There are also government jobs available from agencies trying to get the upper hand on security threats. This expertise might have prevented the breach of the Democratic National Committee that I mentioned in last week’s blog.

Thoughts

Network and system security is becoming more critical as some of our most valuable assets are the data we store about customers, new products, proprietary processes, and partner agreements. It is essential for firms and agencies to do all they can to protect that data. That means now moving from a reactive approach to the proactive and systematic method offered by the new field of threat intelligence.
